Update IDF to aaf1239 (#1539)

* fix sdmmc config

* Fix warnings in EEPROM

from @Curclamas

* remove leftover TAG in EEPROM

* Initial add of @stickbreaker i2c

* Add log_n

* fix warnings when log is off

* i2c code clean up and reorganization

* add flags to interrupt allocator

* fix sdmmc config

* Fix warnings in EEPROM

from @Curclamas

* remove leftover TAG in EEPROM

* fix errors with latest IDF

* fix debug optimization (#1365)

incorrect optimization for debugging tick markers.

* Fix some missing BT header

* Change BTSerial log calls

* Update BLE lib

* Arduino-ESP32 release management scripted (#1515)

* Calculate an absolute path for a custom partitions table (#1452)

* * Arduino-ESP32 release management scripted
(ready-to-merge)

* * secure env for espressif/arduino-esp32

* * build tests enabled
* gitter webhook enabled

* * gitter room link fixed
* better comment

* * filepaths fixed

* BT Serial adjustments

* * don't run sketch builds & tests for tagged builds

* Return false from WiFi.hostByName() if hostname is not resolved

* Free BT Memory when BT is not used

* WIFI_MODE_NULL is not supported anymore

* Select some key examples to build with PlatformIO to save some time

* Update BLE lib

* Fixed BLE lib

* Major WiFi overhaul

- auto reconnect on connection loss now works
- moved to event groups
- some code clean up and procedure optimizations
- new methods to get a more elaborate system ststus

* Add cmake tests to travis

* Add initial AsyncUDP

* Add NetBIOS lib and fix CMake includes

* Add Initial WebServer

* Fix WebServer and examples

* travis not quiting on build fail

* Try different travis build

* Update IDF to aaf1239

* Fix WPS Example

* fix script permission and add some fail tests to sketch builder

* Add missing space in WiFiClient::write(Stream &stream)

tools/sdk/include/wpa_supplicant/wpa2/eap_peer/eap.h

@@ -10,15 +10,45 @@
 #define EAP_H
 
 #include "wpa/defs.h"
-#include "eap/eap_defs.h"
+#include "wpa2/eap_peer/eap_defs.h"
 
 struct eap_sm;
 
 struct eap_method_type {
 	int vendor;
-	u32 method;
+	EapType method;
 };
 
+u8 *g_wpa_anonymous_identity;
+int g_wpa_anonymous_identity_len;
+u8 *g_wpa_username;
+int g_wpa_username_len;
+const u8 *g_wpa_client_cert;
+int g_wpa_client_cert_len;
+const u8 *g_wpa_private_key;
+int g_wpa_private_key_len;
+const u8 *g_wpa_private_key_passwd;
+int g_wpa_private_key_passwd_len;
+
+const u8 *g_wpa_ca_cert;
+int g_wpa_ca_cert_len;
+
+u8 *g_wpa_password;
+int g_wpa_password_len;
+
+u8 *g_wpa_new_password;
+int g_wpa_new_password_len;
+
 const u8 * eap_get_eapKeyData(struct eap_sm *sm, size_t *len);
+void eap_deinit_prev_method(struct eap_sm *sm, const char *txt);
+struct wpabuf * eap_sm_build_nak(struct eap_sm *sm, EapType type, u8 id);
+int eap_peer_blob_init(struct eap_sm *sm);
+void eap_peer_blob_deinit(struct eap_sm *sm);
+int eap_peer_config_init(
+	struct eap_sm *sm, u8 *private_key_passwd,
+	int private_key_passwd_len);
+void eap_peer_config_deinit(struct eap_sm *sm);
+void eap_sm_abort(struct eap_sm *sm);
+int eap_peer_register_methods(void);
 
 #endif /* EAP_H */

tools/sdk/include/wpa_supplicant/wpa2/eap_peer/eap_config.h

@@ -26,6 +26,10 @@ struct eap_peer_config {
 	 */
 	size_t identity_len;
 
+	u8 *anonymous_identity;
+
+	size_t anonymous_identity_len;
+
 	/**
 	 * password - Password string for EAP
 	 *
@@ -139,8 +143,29 @@ struct eap_peer_config {
 	 */
 	u8 *private_key_passwd;
 
+	/**
+	 * Phase 2
+	 */
+	u8 *ca_cert2;
+
+	u8 *ca_path2;
+
+	u8 *client_cert2;
+
+	u8 *private_key2;
+
+	u8 *private_key2_password;
+
+	/**
+	 * eap_methods - Allowed EAP methods
+	 */
+	struct eap_method_type *eap_methods;
+
+
 	char *phase1;
 
+	char *phase2;
+
 	/**
 	 * pin - PIN for USIM, GSM SIM, and smartcards
 	 *
@@ -152,6 +177,10 @@ struct eap_peer_config {
 	 */
 	char *pin;
 
+	int mschapv2_retry;
+	u8 *new_password;
+	size_t new_password_len;
+
 	/**
 	 * fragment_size - Maximum EAP fragment size in bytes (default 1398)
 	 *
@@ -204,7 +233,7 @@ struct wpa_config_blob {
 	/**
 	 * data - Pointer to binary data
 	 */
-	u8 *data;
+	const u8 *data;
 
 	/**
 	 * len - Length of binary data

tools/sdk/include/wpa_supplicant/wpa2/eap_peer/eap_i.h

@@ -13,6 +13,7 @@
 #include "eap.h"
 #include "eap_common.h"
 #include "eap_config.h"
+#include "esp_wpa2.h"
 
 /* RFC 4137 - EAP Peer state machine */
 
@@ -54,11 +55,48 @@ struct eap_method_ret {
 	Boolean allowNotifications;
 };
 
+struct eap_sm;
+
+struct eap_method {
+	/**
+	 * vendor -EAP Vendor-ID
+	 */
+	int vendor;
+
+	/**
+	 * method - EAP type number
+	 */
+	EapType method;	
+
+	/**
+	 * name - Name of the method (e.g., "TLS")
+	 */
+	const char *name;
+
+	struct eap_method *next;
+
+	void * (*init)(struct eap_sm *sm);
+	void (*deinit)(struct eap_sm *sm, void *priv);
+	struct wpabuf * (*process)(struct eap_sm *sm, void *priv,
+				   struct eap_method_ret *ret,
+				   const struct wpabuf *reqData);
+	bool (*isKeyAvailable)(struct eap_sm *sm, void *priv);
+	u8 * (*getKey)(struct eap_sm *sm, void *priv, size_t *len);
+	int (*get_status)(struct eap_sm *sm, void *priv, char *buf,
+			  size_t buflen, int verbose);
+	const u8 * (*get_identity)(struct eap_sm *sm, void *priv, size_t *len);
+	void (*free)(struct eap_method *method);
+	bool (*has_reauth_data)(struct eap_sm *sm, void *priv);
+	void (*deinit_for_reauth)(struct eap_sm *sm, void *priv);
+	void * (*init_for_reauth)(struct eap_sm *sm, void *priv);
+	u8 * (*getSessionId)(struct eap_sm *sm, void *priv, size_t *len);
+};
+
 #define CLIENT_CERT_NAME	"CLC"
 #define CA_CERT_NAME		"CAC"
 #define PRIVATE_KEY_NAME	"PVK"
 #define BLOB_NAME_LEN		3
-#define BLOB_NUM		2
+#define BLOB_NUM		3
 
 /**
  * struct eap_sm - EAP state machine data
@@ -80,9 +118,26 @@ struct eap_sm {
     	u8 wpa2_sig_cnt[SIG_WPA2_NUM];
 #endif
 	u8 finish_state;
+
+	int init_phase2;
+	bool peap_done;
+
+	u8 *eapKeyData;
+	size_t eapKeyDataLen;
+	struct wpabuf *lastRespData;
+	const struct eap_method *m;
 };
 
+wpa2_crypto_funcs_t wpa2_crypto_funcs;
+
+const u8 * eap_get_config_identity(struct eap_sm *sm, size_t *len);
+const u8 * eap_get_config_password(struct eap_sm *sm, size_t *len);
+const u8 * eap_get_config_password2(struct eap_sm *sm, size_t *len, int *hash);
+const u8 * eap_get_config_new_password(struct eap_sm *sm, size_t *len);
 struct eap_peer_config * eap_get_config(struct eap_sm *sm);
 const struct wpa_config_blob * eap_get_config_blob(struct eap_sm *sm, const char *name);
+bool wifi_sta_get_enterprise_disable_time_check(void);
+
+struct wpabuf * eap_sm_build_identity_resp(struct eap_sm *sm, u8 id, int encrypted);
 
 #endif /* EAP_I_H */

tools/sdk/include/wpa_supplicant/wpa2/eap_peer/eap_methods.h

@@ -0,0 +1,39 @@
+/*
+ * EAP peer: Method registration
+ * Copyright (c) 2004-2007, Jouni Malinen <j@w1.fi>
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
+ */
+
+#ifndef EAP_METHODS_H
+#define EAP_METHODS_H
+
+#include "eap_defs.h"
+#include "eap_config.h"
+
+const struct eap_method * eap_peer_get_eap_method(int vendor, EapType method);
+const struct eap_method * eap_peer_get_methods(size_t *count);
+
+u32 eap_get_phase2_type(const char *name, int *vendor);
+struct eap_method_type * eap_get_phase2_types(struct eap_peer_config *config,
+					      size_t *count);
+
+struct eap_method * eap_peer_method_alloc(int verdor, EapType method,
+					  const char *name);
+
+void eap_peer_method_free(struct eap_method *method);
+int eap_peer_method_register(struct eap_method *method);
+
+void eap_peer_unregister_methods(void);
+
+//int eap_peer_md5_register(void);
+int eap_peer_tls_register(void);
+int eap_peer_peap_register(void);
+int eap_peer_ttls_register(void);
+int eap_peer_mschapv2_register(void);
+
+void eap_peer_unregister_methods(void);
+int eap_peer_register_methods(void);
+
+#endif /* EAP_METHODS_H */

tools/sdk/include/wpa_supplicant/wpa2/eap_peer/eap_peap_common.h

@@ -0,0 +1,16 @@
+/*
+ * EAP-PEAP common routines
+ * Copyright (c) 2008-2011, Jouni Malinen <j@w1.fi>
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
+ */
+
+#ifndef EAP_PEAP_COMMON_H
+#define EAP_PEAP_COMMON_H
+
+int peap_prfplus(int version, const u8 *key, size_t key_len,
+		 const char *label, const u8 *seed, size_t seed_len,
+		 u8 *buf, size_t buf_len);
+
+#endif /* EAP_PEAP_COMMON_H */

tools/sdk/include/wpa_supplicant/wpa2/eap_peer/eap_tlv_common.h

@@ -0,0 +1,112 @@
+/*
+ * EAP-TLV definitions (draft-josefsson-pppext-eap-tls-eap-10.txt)
+ * Copyright (c) 2004-2008, Jouni Malinen <j@w1.fi>
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
+ */
+
+#ifndef EAP_TLV_COMMON_H
+#define EAP_TLV_COMMON_H
+
+/* EAP-TLV TLVs (draft-josefsson-ppext-eap-tls-eap-10.txt) */
+#define EAP_TLV_RESULT_TLV 3 /* Acknowledged Result */
+#define EAP_TLV_NAK_TLV 4
+#define EAP_TLV_ERROR_CODE_TLV 5
+#define EAP_TLV_CONNECTION_BINDING_TLV 6
+#define EAP_TLV_VENDOR_SPECIFIC_TLV 7
+#define EAP_TLV_URI_TLV 8
+#define EAP_TLV_EAP_PAYLOAD_TLV 9
+#define EAP_TLV_INTERMEDIATE_RESULT_TLV 10
+#define EAP_TLV_PAC_TLV 11 /* RFC 5422, Section 4.2 */
+#define EAP_TLV_CRYPTO_BINDING_TLV 12
+#define EAP_TLV_CALLING_STATION_ID_TLV 13
+#define EAP_TLV_CALLED_STATION_ID_TLV 14
+#define EAP_TLV_NAS_PORT_TYPE_TLV 15
+#define EAP_TLV_SERVER_IDENTIFIER_TLV 16
+#define EAP_TLV_IDENTITY_TYPE_TLV 17
+#define EAP_TLV_SERVER_TRUSTED_ROOT_TLV 18
+#define EAP_TLV_REQUEST_ACTION_TLV 19
+#define EAP_TLV_PKCS7_TLV 20
+
+#define EAP_TLV_RESULT_SUCCESS 1
+#define EAP_TLV_RESULT_FAILURE 2
+
+#define EAP_TLV_TYPE_MANDATORY 0x8000
+#define EAP_TLV_TYPE_MASK 0x3fff
+
+#ifdef _MSC_VER
+#pragma pack(push, 1)
+#endif /* _MSC_VER */
+
+struct eap_tlv_hdr {
+	be16 tlv_type;
+	be16 length;
+} STRUCT_PACKED;
+
+struct eap_tlv_nak_tlv {
+	be16 tlv_type;
+	be16 length;
+	be32 vendor_id;
+	be16 nak_type;
+} STRUCT_PACKED;
+
+struct eap_tlv_result_tlv {
+	be16 tlv_type;
+	be16 length;
+	be16 status;
+} STRUCT_PACKED;
+
+/* RFC 4851, Section 4.2.7 - Intermediate-Result TLV */
+struct eap_tlv_intermediate_result_tlv {
+	be16 tlv_type;
+	be16 length;
+	be16 status;
+	/* Followed by optional TLVs */
+} STRUCT_PACKED;
+
+/* RFC 4851, Section 4.2.8 - Crypto-Binding TLV */
+struct eap_tlv_crypto_binding_tlv {
+	be16 tlv_type;
+	be16 length;
+	u8 reserved;
+	u8 version;
+	u8 received_version;
+	u8 subtype;
+	u8 nonce[32];
+	u8 compound_mac[20];
+} STRUCT_PACKED;
+
+struct eap_tlv_pac_ack_tlv {
+	be16 tlv_type;
+	be16 length;
+	be16 pac_type;
+	be16 pac_len;
+	be16 result;
+} STRUCT_PACKED;
+
+/* RFC 4851, Section 4.2.9 - Request-Action TLV */
+struct eap_tlv_request_action_tlv {
+	be16 tlv_type;
+	be16 length;
+	be16 action;
+} STRUCT_PACKED;
+
+/* RFC 5422, Section 4.2.6 - PAC-Type TLV */
+struct eap_tlv_pac_type_tlv {
+	be16 tlv_type; /* PAC_TYPE_PAC_TYPE */
+	be16 length;
+	be16 pac_type;
+} STRUCT_PACKED;
+
+#ifdef _MSC_VER
+#pragma pack(pop)
+#endif /* _MSC_VER */
+
+#define EAP_TLV_CRYPTO_BINDING_SUBTYPE_REQUEST 0
+#define EAP_TLV_CRYPTO_BINDING_SUBTYPE_RESPONSE 1
+
+#define EAP_TLV_ACTION_PROCESS_TLV 1
+#define EAP_TLV_ACTION_NEGOTIATE_EAP 2
+
+#endif /* EAP_TLV_COMMON_H */

tools/sdk/include/wpa_supplicant/wpa2/eap_peer/eap_ttls.h

@@ -0,0 +1,65 @@
+/*
+ * EAP server/peer: EAP-TTLS (RFC 5281)
+ * Copyright (c) 2004-2007, Jouni Malinen <j@w1.fi>
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
+ */
+
+#ifndef EAP_TTLS_H
+#define EAP_TTLS_H
+
+struct ttls_avp {
+	be32 avp_code;
+	be32 avp_length; /* 8-bit flags, 24-bit length;
+			  * length includes AVP header */
+	/* optional 32-bit Vendor-ID */
+	/* Data */
+};
+
+struct ttls_avp_vendor {
+	be32 avp_code;
+	be32 avp_length; /* 8-bit flags, 24-bit length;
+			  * length includes AVP header */
+	be32 vendor_id;
+	/* Data */
+};
+
+#define AVP_FLAGS_VENDOR 0x80
+#define AVP_FLAGS_MANDATORY 0x40
+
+#define AVP_PAD(start, pos) \
+do { \
+	int __pad; \
+	__pad = (4 - (((pos) - (start)) & 3)) & 3; \
+	os_memset((pos), 0, __pad); \
+	pos += __pad; \
+} while (0)
+
+
+/* RFC 2865 */
+#define RADIUS_ATTR_USER_NAME 1
+#define RADIUS_ATTR_USER_PASSWORD 2
+#define RADIUS_ATTR_CHAP_PASSWORD 3
+#define RADIUS_ATTR_REPLY_MESSAGE 18
+#define RADIUS_ATTR_CHAP_CHALLENGE 60
+#define RADIUS_ATTR_EAP_MESSAGE 79
+
+/* RFC 2548 */
+#define RADIUS_VENDOR_ID_MICROSOFT 311
+#define RADIUS_ATTR_MS_CHAP_RESPONSE 1
+#define RADIUS_ATTR_MS_CHAP_ERROR 2
+#define RADIUS_ATTR_MS_CHAP_NT_ENC_PW 6
+#define RADIUS_ATTR_MS_CHAP_CHALLENGE 11
+#define RADIUS_ATTR_MS_CHAP2_RESPONSE 25
+#define RADIUS_ATTR_MS_CHAP2_SUCCESS 26
+#define RADIUS_ATTR_MS_CHAP2_CPW 27
+
+#define EAP_TTLS_MSCHAPV2_CHALLENGE_LEN 16
+#define EAP_TTLS_MSCHAPV2_RESPONSE_LEN 50
+#define EAP_TTLS_MSCHAP_CHALLENGE_LEN 8
+#define EAP_TTLS_MSCHAP_RESPONSE_LEN 50
+#define EAP_TTLS_CHAP_CHALLENGE_LEN 16
+#define EAP_TTLS_CHAP_PASSWORD_LEN 16
+
+#endif /* EAP_TTLS_H */

tools/sdk/include/wpa_supplicant/wpa2/eap_peer/mschapv2.h

@@ -0,0 +1,24 @@
+/*
+ * MSCHAPV2
+ */
+
+
+#ifndef MSCHAPV2_H
+#define MSCHAPV2_H
+
+#define MSCHAPV2_CHAL_LEN		16
+#define MSCHAPV2_NT_RESPONSE_LEN	24
+#define MSCHAPV2_AUTH_RESPONSE_LEN	20
+#define MSCHAPV2_MASTER_KEY_LEN		16
+
+const u8 * mschapv2_remove_domain(const u8 *username, size_t *len);
+int mschapv2_derive_response(const u8 *username, size_t username_len,
+			     const u8 *password, size_t password_len,
+			     int pwhash,
+			     const u8 *auth_challenge,
+			     const u8 *peer_challenge,
+			     u8 *nt_response, u8 *auth_response,
+			     u8 *master_key);
+int mschapv2_verify_auth_response(const u8 *auth_response,
+				  const u8 *buf, size_t buf_len);
+#endif /* MSCHAPV2_H */